Description

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

Remediation

References

CVE-2019-15043

Related Vulnerabilities

Jenkins Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-43497)

Joomla Improper Input Validation Vulnerability (CVE-2006-4466)

WordPress Plugin Pinterest 'Pin It' Button Multiple Unspecified Vulnerabilities (1.3.1)

Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4072)

MySQL CVE-2018-2576 Vulnerability (CVE-2018-2576)

Severity

High

Classification

CVE-2019-15043 CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities